In a paper detailing privacy threats for 3G, 4G and 5G, researchers from the Technical University in Berlin, ETH Zurich and SINTEF Digital Norway found a vulnerability affecting Authentication and Key Agreement (AKA) — which is how your phone securely communicates with cellular networks.
The new vulnerability allows potential data thieves to steal information from 5G airwaves, such as number of calls and text messages sent, according to ZDNet.
The advent of 5G is supposed to bring supercharged speeds to mobile devices, and low latency, opening the door for tech innovations like self-driving cars and virtual reality. The new technology is also supposed to bring in a new level of security, as government agencies use International Mobile Subscriber Identity, or IMSI catchers to impersonate cell towers and spy on phones with older connections.
IMSI catchers, sometimes referred to as “Stingrays,” pretend to be phone towers and trick phones into connecting to it, allowing spies to gather information like location and details on phone calls. As networks became more advance, it became harder for IMSI catchers to work, but many were still capable of spying on mobile devices.
5G’s AKA was supposed to protect against IMSI catchers, but the researchers found a new vulnerability that could trick the authentication protocol into giving up sensitive information.
The researchers tested this on an existing 4G network, but said the attacks could apply to 5G networks once they’re available. But there’s still time to fix this flaw before 5G technology is released by the end of 2019.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.